On Monday, July 27, Garmin began restoring services to Garmin Connect. Some functionality was limited, but the basics were working. "We are happy to report that Garmin Connect recovery is underway. We'd like to thank you for your understanding and patience as we restore normal operations," the company said.
Meanwhile, the clock is ticking as Garmin is scheduled to report earnings Wednesday. Customers will want answers, but Wall Street will want more clarity. Garmin's success story and run of strong quarters are going to be overshadowed by its cyberattack.
We are currently experiencing an outage that affects Garmin.com and Garmin Connect. This outage also affects our call centers, and we are currently unable to receive any calls, emails or online chats. We are working to resolve this issue as quickly as possible and apologize for this inconvenience.
But the focus on Garmin Connect loses the plot. I'm a long-time customer of Garmin and use its devices for runs, quantified self data, and now, metrics such as Body Battery and Pulse Ox. Garmin may take a reputation hit, but Garmin is much more than just fitness wearables and smartwatches. Garmin also operates critical data infrastructure for automotive, aviation, and marine as well as enterprise health.
Garmin better hope that its woes are due to a ransomware attack forcing it to rebuild systems. Garmin's data would be of interest to a state actor, too.
In other words, Garmin got off easy this time. Next time, Garmin's data could be used for something worse. All you need to recall is how Strava data was able to pinpoint troops and then you realize how valuable Garmin data could be.
Now the Pentagon has banned GPS devices, but the Strava incident gives you an idea of what's possible.
We collect, store, process, and use personal information and other user data. Our users' personal information may include, among other information, names, addresses, phone numbers, email addresses, payment account information, height, weight, age, gender, heart rates, sleeping patterns, GPS-based location, and activity patterns. Due to the volume and types of the personal information and data we manage and the nature of our products and applications, the security features of our platform and information systems are critical. If our security measures or applications are breached, are disrupted or fail, unauthorized persons may be able to obtain access to user data. If we or our third-party service providers, business partners, or third-party apps with which our users choose to share their Garmin data were to experience a breach, disruption or failure of systems compromising our users' data or the media suggested that our security measures or those of our third-party service providers were insufficient, our brand and reputation could be adversely affected, use of our products and services could decrease, and we could be exposed to a risk of loss, litigation, and regulatory proceedings. Depending on the nature of the information compromised, in the event of a data breach, disruption or other unauthorized access to our user data, we may also have obligations to notify users about the incident and we may need to provide some form of remedy for the individuals affected by the incident.
Garmin goes on to note that system and data breaches could result in higher costs via security experts, consultants, and remediation costs. Rest assured that Garmin is overrun with security experts and consultants as we speak.
Can Garmin recover? Certainly.
Equifax turned its data breach debacle into new products. Other ransomware attack victims, including some cities, have recovered. Garmin may have just suffered a blip in a long run of innovation, but it will need to step up its security game going forward. All this outage at Garmin proves is that the company is vulnerable to attacks.